EUVD-2016-7935

Malware in sbrugna...

EUVD-2013-5749

Malware in sbrugna...

Design/Logic Flaw

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

K43570545: OpenSSL vulnerability CVE-2016-7055

Security Advisory Description There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private...

K34681653: OpenSSL vulnerability CVE-2017-3738

Security Advisory Description There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and a...

SUSE CVE-2007-3108

The BNfrommontgomery function in crypto/bn/bnmont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys...

SUSE CVE-2017-3738

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

Vulnerability of the Montgomery modular exponentiation function with constant time complexity in the OpenSSL and BoringSSL libraries, allowing attackers to execute arbitrary code.

The vulnerability of the Montgomery modular multiplication function with a constant time cost in the OpenSSL and BoringSSL libraries relates to the possibility of writing data beyond the buffer boundaries into memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by...

Mageia: Security Advisory (MGASA-2017-0453)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the Montgomery quadradic multiplication algorithm implementation in OpenSSL libraries is related to an error in integer transfer on the x86_64 platform, which allows an attacker to gain unauthorized access to sensitive information.

The vulnerability of the Montgomery quadradic multiplication algorithm implementation in the OpenSSL library is related to an error in arithmetic operations on the x8664 platform. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to sensiti...

The vulnerability of the Montgomery multiplication algorithm implementation in the OpenSSL library, related to key management errors, allows a hacker to trigger a denial-of-service attack.

The vulnerability of the Montgomery multiplication algorithm implementation in the OpenSSL library is related to a key management error. Exploiting this vulnerability could allow an attacker, operating remotely, to cause service interruptions...

The vulnerability of the Montgomery quadradic multiplication algorithm implementation in OpenSSL libraries is related to an error in integer transfer on the x86_64 platform, which allows an attacker to gain unauthorized access to sensitive information.

The vulnerability of the Montgomery quadradic multiplication algorithm implementation in the OpenSSL library is related to an error in arithmetic operations on the x8664 platform. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to sensiti...

Huawei Data Communication: OpenSSL Montgomery multiplication may produce incorrect results Vulnerability (huawei-sa-20170419-01-openssl)

There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by th...

Security Bulletin: OpenSSLにある複数の脆弱性のWebSphere Message BrokerとIBM Integration Busへの影響について

Summary OpenSSLの脆弱性について、OpenSSL Projectより2016年 9月22日、9月26日、11月10日にそれぞれ公表されております。WebSphere Message BrokerならびにIBM Integration Busにて使用されているDataDirect ODBC ドライバーに対して該当するCVEがあり、対処しております。 Vulnerability Details 最新の情報は下記の文書（英語）をご参照ください。 Security Bulletin: Multiple vulnerabilities in OpenSSL affect...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2018-1179)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-7055

There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is...

NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - OpenSSL 1.0.2 starting from version 1.0.2b introduced an error state mechanism. The intent was that if a fatal error occurred during a handshake th...

EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1546)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigat...

openssl security update

1.0.2k-16.0.1.el76.1 - Bump release for rebuild. 1.0.2k-16.1 - use SHA-256 in FIPS RSA pairwise key check - fix CVE-2018-5407 - EC signature local timing side-channel key extraction 1.0.2k-16 - fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA - fix incorrect error message on...

Security Bulletin: Aspera OnDemand is affected by openSSL vulnerabilities (CVE-2017-3738)

Summary Aspera OnDemand has addressed the following openSSL vulnerabilities. Vulnerability Details CVEID: CVE-2017-3738 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow bug in the AVX2 Montgomery multiplication procedure used in...